Fujitsu Laboratories Ltd. today announced the development of a technology that enables safe and easy use of cloud services through IoT devices using the biometric authentication functionality of smartphones and near-field wireless functionality.

In the era of IoT, various devices are connected to cloud services. When using these services such as parcel delivery lockers in apartments or public facilities, or when using car sharing services, user authentication will need to take place each time a service is used. With existing ID and password systems, users have to manage multiple IDs and passwords which make the authentication process cumbersome.

By applying FIDO(1) technology that enables biometric authentication of a cloud service's user without extracting biometric information from that user's smartphone, Fujitsu Laboratories has developed technology that establishes a secure network between a cloud service, an IoT device, and a smartphone, and then simultaneously verifies the identity of the user and that the user is in front of the IoT device.

With this newly developed technology, users can safely and conveniently access cloud services through a variety of IoT devices without inputting an ID and password, using just their smartphone's biometric authentication. In addition, this technology enables the provision of a strong personal authentication service using biometrics without requiring service providers to manage an individual's biometric information for each device or service.

This technology will be shown at RETAILTECH JAPAN, the 33rd retail information systems trade show, held March 7 - 10.

Development Background

It is said that by 2020, several tens of billions of IoT devices will be connected to the internet, bringing huge changes to industries and our daily lives. It is expected that, by connecting a variety of devices, the number of services connecting people and devices will expand. For example, having customized services and settings made available while multiple users have access to any given car sharing vehicle, or providing insurance based on the characteristics of a user, their usage history, and the car being used. As these types of situation become more common, there is a need for a more convenient, new authentication technology to replace the existing system of ID and password authentication in which users have to manage multiple IDs and passwords.

Issues

Biometric authentication, which does not require an ID or password authentication, is a convenient method for authenticating users. However, in order to use biometric authentication with a variety of IoT devices, it would be necessary to incorporate biometric authentication hardware into each of those devices. Also, in creating various services using IoT devices, there has been the issue of authenticating users in a safe and convenient way.

About the Technology

Picture: Diagram of the authentication pathway (credit: Fujitsu)

Picture: Sample usage scenarios (credit: Fujitsu)

By applying FIDO technology and using a smartphone with biometric authentication capability, Fujitsu Laboratories has developed a technology that securely authorizes cloud service usage by authenticating a user through strong biometric authentication, without needing to incorporate any biometric authentication hardware.

With the newly developed technology, when a user uses an IoT device, by first physically moving the user's smartphone in close proximity to the IoT device, the smartphone's software and the IoT device's software can exchange confidential information with each other, creating a temporary secure communications pathway between the smartphone and the IoT device, without any effort on the user's part.

Next, users utilize the biometric authentication functionality of their smartphones to carry out authentication, and a certificate verifying the results of the biometric authentication and the fact that the person is in front of the device are sent using the FIDO protocol to the cloud service. The cloud service uses this information to verify both the person using it and the fact that the person is in front of the device, then the IoT device authenticates the user and the service is provided to the user through the IoT device.

This technology makes it possible for users to make use of services through a variety of IoT devices in a safe and secure environment, using the biometric authentication functionality of the smartphone they use every day.

Effects

With this newly developed technology, users can expect increased convenience, with the ability to use cloud services through IoT devices using the biometric authentication functionality of the smartphones they use regularly, without having to manage IDs or passwords, or register and manage authentication information on other devices that feature biometric authentication. In addition, for service providers, it is now possible to provide strong personal authentication using biometric authentication, without having to manage individual biometric authentication information for each device or service.

For example, by using a smartphone to identify the user, biometric authentication safely enables the use of a smartphone to unlock a fleet or car sharing vehicle, start the engine, or automatically adjust a vehicle's settings to a user's preferences. In addition, it enables safe and secure authentication of a user for a variety of services which require user authentication for IoT devices, such as parcel delivery lockers and access into secured rooms.

Future Plans

Fujitsu Laboratories will continue to validate this newly developed technology for a variety of usage cases, aiming for commercialization during fiscal 2017 as a technology that expands the FUJITSU IoT Solution Biometric Sensor Authentication Solution Online Biometric Authentication Service(2).

[1] FIDO (Fast IDentity Online)

An online authentication protocol for authenticating individuals on devices such as smartphones, without sending individual authentication information through the internet, specified by the FIDO Alliance.